03.12.2012, 08:52, "Sabra Crolleton" sabra.crolleton@gmail.com:
This patch changes the function random-string to use secure-random:number which is a better random number generator.
Anton Vodonosov, since secure-random is your package, I would appreciate your review.
Sabra
Hello.
This fix would be good if secure-random didn't depended on cl+ssl.
Currently secure-random uses cl+ssl random number generator, so applying this patch will make hunchentoot always unconditionally depend on cl+ssl, but hunchentoot is supposed to be workable without cl+ssl (if :hunchentoot-no-ssl is present in *features*).
If application wants to prevent cl:random from session-secret initialization, than the application can initialize hunchentoot:*session-secret* variable. That is why the variable is exported and why hunchentoot emits a warning in case the variable is not initialized.
So I suggest that applications use secure-random to initialize hunchentoot:*session-secret*.
Or maybe secure-random should be enabled if cl+ssl is enabled with hunchentoot? Opinions?
Best regards, - Anton